Cybersecurity M&A Roundup: 43 Deals Announced in September 2021
The number of cybersecurity-related mergers and acquisitions announced in the past months has remained constant, with roughly 40 deals announced in September 2021 as well.
September 1 – 15
Governance, risk, and compliance (GRC) advisor in financial services ACA Group announced buying Catelas, a company that has developed an electronic communications (eComms) surveillance and investigations platform that detects high-risk activities and behaviors in an organization. ACA said the acquisition will help it expand its regulatory technology software suite with eComms surveillance tech.
Private equity firm Achieve Partners acquired managed security service provider (MSSP) Metmox with the goal of addressing the global talent shortage. As a result of the acquisition, Achieve will create a large-scale cybersecurity apprenticeship program that will prepare entry-level talent for cybersecurity careers at Metmox and its clients.
UK-based B2B2C platform Baanx announced buying a stake in US-based fintech bank Maxwell State Bank. Exact financial terms have not been disclosed, but it has been described as a multi-million-dollar deal and Baanx has become the third largest stakeholder in Maxwell. The goal of the investment is to “enhance cybersecurity and banking access to communities throughout America.”
Cybersecurity ratings company BitSight announced the acquisition of VisibleRisk, a cyber risk ratings venture created by credit ratings giant Moody’s and Israel-based cybersecurity think tank and venture creation foundry Team8. BitSight’s acquisition of VisibleRisk adds a cyber risk assessment capability and boosts its ability to analyze and calculate an organization’s financial exposure to cyber risk.
Consulting giant and government contractor Booz Allen Hamilton bought digital forensics and incident response company Tracepoint. Booz Allen Hamilton made a strategic investment in the company in January 2021 and it has now acquired the rest of Tracepoint’s business in an effort to expand its cybersecurity capabilities. Tracepoint and Booz Allen Hamilton’s commercial cyber business will be integrated in early 2022.
Information governance and data risk management firm Breakwater Solutions acquired Clairvoya, which specializes in data governance solutions. Clairvoya’s CEO will join Breakwater as COO and Clairvoya’s CTO will become Breakwater’s CTO. Breakwater says Clairvoya technology complements its own, adding data lineage for managing unstructured data in motion.
eDiscovery, risk management, document review and legal consulting services provider Consilio acquired the Adecco Group’s legal consulting and eDiscovery business of Special Counsel. Consilio says the acquisition of these business units will help it expand in areas such as document review, legal process outsourcing and cyber incident response.
Australia-based ICT and digital skills training firm DDLS has acquired New Zealand-based Auldhouse, which provides the same types of services, in a deal reportedly valued at roughly $17 million ($12 million). DDLS is Australia’s largest cybersecurity training provider and the acquisition will help both companies expand.
Software intelligence company Dynatrace announced the acquisition of parsing and query analytics company SpectX. Dynatrace said the deal will enable it to boost its platform’s observability and application security analytics capabilities.
Health information technology firm Document Storage Systems (DSS) acquired SBG Technology Solutions, a provider of IT services and solutions, including cybersecurity and governance solutions. SBG will operate as a subsidiary of DSS and they will help each other enhance their capabilities.
Professional services giant EY, specifically EY Australia, has acquired Australia-based MSSP SecureWorx in an effort to provide security operations center (SOC) services powered by Microsoft technologies.
Network security company FireMon acquired DisruptOps, which specializes in cloud security operations. FireMon said the acquisition will enable it to expand its solution to include security risk monitoring and response in cloud infrastructure. DisruptOps was founded by Jody Brazil, who also founded FireMon. As a result of the acquisition, Brazil will become CEO of the combined entity.
Software development company JFrog has acquired Upswift, a device management platform for connected products. The resulting platform will provide a wide range of capabilities, including several related to application development security.
Consumer cybersecurity firm Kape Technologies announced acquiring VPN service ExpressVPN for $936 million. Kape said the acquisition will help it create a “premium digital privacy and security player” and expand its customer base. The deal should also help Kape in terms of sales, cost savings, and product distribution.
Denmark-based SIEM solutions provider LogPoint is buying Israel-based threat detection and response firm SecBI in an effort to expand its XDR and SOAR capabilities. SecBI will become LogPoint Israel and it will remain in Tel Aviv.
Payments giant Mastercard is acquiring cryptocurrency intelligence and blockchain analytics company CipherTrace. Mastercard said its goal is to ensure that the digital asset ecosystem is trusted and safe, which it hopes to achieve by combining its own capabilities with those of CipherTrace.
Enterprise communications company Millennia Technologies is merging with Fusion IT, a cybersecurity firm and MSSP. The companies believe the merger will help them expand their offerings and their customer base.
Managed IT services provider Nexon Asia Pacific announced buying Veridian Solutions, which provides contact center, cloud and security services. Both companies are based in Australia. Nexon said Veridian’s contact center and unified communications offering complement its own, and Veridian’s dedicated cybersecurity practice complements its MSSP offering.
Critical infrastructure protection company OPSWAT acquired Israel-based malware analysis sandbox solution SNDBOX. SNDBOX will be integrated into OPSWAT’s Malware Analysis Solution offering, but will also be offered as a separate product. SNDBOX will help increase the accuracy of malware detection in IT and OT environments and reduce the cost of malware processing.
Network, cloud, workspace and cybersecurity solutions provider Orro acquired MSSP eSecure in an effort to strengthen its cybersecurity offering. Both companies are based in Australia. Orro’s security business will be expanded with detection and response, assurance testing, vulnerability management and incident response services.
MSP Solvinity has acquired a majority stake in Securify, which specializes in application security and penetration testing. Both companies are based in the Netherlands. The acquisition will enable Solvinity to expand its cybersecurity offering. Securify will continue to operate as an independent company under Solvinity.
Attack surface management pioneer Tenable is acquiring Accurics, an early-stage startup selling cloud-native security for DevOps and security teams, for $160 million in cash. The acquisition will help Tenable expand its product portfolio.
Consumer credit reporting agency TransUnion acquires risk, communications, security and marketing solutions provider Neustar for $3.1 billion. TransUnion said Neustar’s data and analytics technology will help it expand its digital identity capabilities, including fraud detection and prevention.
Security, cloud delivery and performance solutions provider Akamai acquired Israel-based cloud security company Guardicore in a $600 million deal. The acquisition of Guardicore’s micro-segmentation technology will help Akamai extend its zero trust solutions and enable it to better protect customers against ransomware and other malware.
Security operations platform provider Arctic Wolf acquired training platform Habitu8, which has helped it advance its Managed Security Awareness product, described as a security awareness and training program delivered as a concierge service.
Secure collaboration software provider archTIS announced the acquisition of assets of data security company Cipherpoint for $1.4 million. Both companies are based in Australia. The acquisition includes customers, technology and European operations of Cipherpoint’s software division.
Risk management, MDR and incident response services provider BlueVoyant acquired big data solutions consulting company Concanon. Concanon will be a wholly-owned subsidiary of BlueVoyant, but it will be a standalone company. BlueVoyant said the goal of the acquisition is to expand the capabilities of its Splunk security services.
Government IT and cybersecurity services company Criterion Systems announced the acquisitions of Protas Solutions and SAGE Black, both government contractors that provide data and software services to intelligence agencies. The goal of the acquisitions is the expansion of Criterion’s Intelligence Solutions business unit.
Unified communications firm Cytracom has entered into the security and connectivity market with the acquisition of OmniNet, which provides SD-WAN and cloud security solutions. While the deal will have no immediate results for customers, the companies have promised enhancements and new solutions in the future.
Trusted identities, payments and data protection solutions provider Entrust acquired financial technology company Antelop Solutions. Entrust said the acquisition will enable it to provide financial institutions with digital and physical credential issuance and transaction security solutions.
Cloud application and security solutions provider F5 is buying threat detection firm Threat Stack for $68 million in cash. F5 said its application and API protection solutions will be combined with Threat Stack’s cloud security capabilities to enhance visibility across application infrastructure and workloads.
McAfee Enterprise and FireEye Products will be combined into a cybersecurity giant with 5,000 employees, more than 40,000 customers and nearly $2 billion of revenue. The merger is expected to take place in the fourth quarter of 2021. McAfee Enterprise and FireEye Products were acquired earlier this year by private equity firm Symphony Technology Group (STG) for $4 billion and $1.2 billion, respectively.
Confidential computing cybersecurity firm HUB Security is acquiring Comsec, a company that provides security education, risk, testing and advisory services. Both companies are based in Israel and HUB will pay NIS 70 million ($21 million) in cash and shares for Comsec. The acquisition will help HUB expand its sales and distribution infrastructure.
Data security company Jungle Disk has acquired KeepItSafe, LiveVault and OffsiteDataSync from tech holding company J2 Global. KeepItSafe, LiveVault and OffsiteDataSync provide backup and other data protection solutions, and they complement Jungle Disk’s offering.
South Korean electronics giant LG Electronics is acquiring Israel-based automotive cybersecurity company Cybellum for roughly $240 million. The acquisition will help LG develop more secure automotive software and enhance its vehicle components business, while allowing Cybellum to expand its solutions.
Legal and compliance software provider Mitratech acquired governance, risk management and compliance platform provider Alyne. Mitratech said Alyne’s AI-powered platform will enable its customers to mitigate risk in real time, obtain quantifiable risk impacts, and reduce the complexity of managing legal and compliance risk.
Identity solutions provider Ping Identity acquired Singular Key, a company that specializes in no-code identity and security orchestration. Singular Key will be available through the PingOne Cloud Platform, enabling enterprises “to visually integrate identity services and transform the developer experience by collapsing thousands of lines of code into a single API.”
PwC Canada announced buying Canada-based cybersecurity consulting firm Avaleris, which specializes in Microsoft identity, security and cloud services. PwC said the deal will enable it to further enhance its cybersecurity and cloud offerings.
MSP Redcentric has acquired IT services provider Piksel Industry Solutions. Both companies are based in the UK. Redcentric said the acquisition will accelerate its ability to deliver its solutions to customers, and it expands its cloud and security capabilities. Redcentric will pay $13 million for Piksel.
AIOps and hybrid-cloud IT management company ScienceLogic acquired Restorepoint, which specializes in network configuration and change management. ScienceLogic said the deal helps it expand its portfolio into the network operations (NetOps) and security operations (SecOps) domains.